Skip to content
Gratan is a tool to manage MySQL permissions. It defines the state of MySQL permissions using Ruby DSL, and updates permissions according to DSL.
Branch: master
Clone or download
Latest commit 8c64932 Apr 22, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
bin Add --wait-timeout option Apr 19, 2019
lib Bump up version Apr 22, 2019
spec Remove coveralls Jan 6, 2019
.gitignore Fix for FUNCTION/PROCEDURE May 27, 2015
.rspec Add spec skelton Oct 5, 2014
.travis.yml Fix travis ruby version Jan 6, 2019
Gemfile first commit Oct 4, 2014
LICENSE.txt first commit Oct 4, 2014
README.md Remove coveralls Jan 6, 2019
Rakefile Add spec skelton Oct 5, 2014
docker-compose.yml Support MySQL 5.7 Nov 5, 2018
gratan.gemspec Remove coveralls Jan 6, 2019

README.md

Gratan

Gratan is a tool to manage MySQL permissions.

It defines the state of MySQL permissions using Ruby DSL, and updates permissions according to DSL.

Gem Version Build Status

Notice

  • >= 0.3.0
    • Support template
  • >= 0.3.1
    • Fix <secret> password

Installation

Add this line to your application's Gemfile:

gem 'gratan'

And then execute:

$ bundle

Or install it yourself as:

$ gem install gratan

Usage

gratan -e -o Grantfile
vi Grantfile
gratan -a --dry-run
gratan -a

Help

Usage: gratan [options]
        --host HOST
        --port PORT
        --socket SOCKET
        --username USERNAME
        --password PASSWORD
        --database DATABASE
    -a, --apply
    -f, --file FILE
        --dry-run
    -e, --export
        --with-identifier
        --split
        --chunk-by-user
    -o, --output FILE
        --ignore-user REGEXP
        --target-user REGEXP
        --ignore-object REGEXP
        --enable-expired
        --ignore-not-exist
        --ignore-password-secret
        --skip-disable-log-bin
        --override-sql-mode
        --use-show-create-user
        --no-color
        --debug
        --auto-identify OUTPUT
        --csv-identify CSV
        --mysql2-options JSON
    -h, --help

A default connection to a database can be established by setting the following environment variables:

  • GRATAN_DB_HOST: database host
  • GRATAN_DB_PORT: database port
  • GRATAN_DB_SOCKET: database socket
  • GRATAN_DB_DATABASE: database database name
  • GRATAN_DB_USERNAME: database user
  • GRATAN_DB_PASSWORD: database password

Grantfile example

require 'other/grantfile'

user "scott", "%" do
  on "*.*" do
    grant "USAGE"
  end

  on "test.*", expired: '2014/10/08', identified: "PASSWORD '*ABCDEF'" do
    grant "SELECT"
    grant "INSERT"
  end

  on /^foo\.prefix_/ do
    grant "SELECT"
    grant "INSERT"
  end
end

user "scott", ["localhost", "192.168.%"], expired: '2014/10/10' do
  on "*.*", with: 'GRANT OPTION' do
    grant "ALL PRIVILEGES"
  end
end

Use template

template 'all db template' do
  on '*.*' do
    grant 'SELECT'
  end
end

template 'test db template' do
  grant context.default

  context.extra.each do |priv|
    grant priv
  end
end

user 'scott', 'localhost', identified: 'tiger' do
  include_template 'all db template'

  on 'test.*' do
    context.default = 'SELECT'
    include_template 'test db template', extra: ['INSERT', 'UPDATE']
  end
end

Run tests

bundle install
docker-compose up -d
bundle exec rake
# MYSQL57=1 bundle exec rake

Similar tools

What does "Gratan" mean?

You can’t perform that action at this time.